On Windows hosts, if you have configured a VMware host to guest shared folder (HGFS), it is possible for a program running in the guest to gain access to the host's file system and create or modify executable files in sensitive locations.

NOTE: VMware Server is not affected because it doesn't use host to guest shared folders. No versions of ESX Server, including ESX Server 3i, are affected by this vulnerability, because ESX Server is based on a bare-metal hypervisor architecture rather than a hosted architecture and doesn't include any shared folder abilities. Fusion and Linux based hosted products are unaffected.

VMware would like to thank CORE Security Technologies for working with us on this issue. This addresses advisory CORE-2007-0930.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-0923 to this issue.
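
A host-side check for the exposure condition described above (a configured host to guest shared folder), as an added example that is not part of VMware's advisory: it parses .vmx files and lists the shared folders that are present and enabled. The `sharedFolderN.*` key names are an assumption about the .vmx format, and the sample configuration is constructed for illustration.

```python
import re
import sys

# Constructed sample .vmx content (illustrative, not from the advisory).
SAMPLE_VMX = r'''
.encoding = "windows-1252"
displayName = "build-vm"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "C:\Users\dev\share"
sharedFolder0.guestName = "share"
sharedFolder1.present = "TRUE"
sharedFolder1.enabled = "FALSE"
sharedFolder1.hostPath = "D:\iso"
sharedFolder.maxNum = "2"
'''

_LINE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')
_SHARE = re.compile(r'^sharedfolder(\d+)\.(\w+)$')  # assumed key layout

def parse_vmx(text):
    """Return {lower-cased key: value} for every key = "value" line."""
    cfg = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def _true(value):
    return str(value).strip().lower() == "true"

def enabled_shares(text):
    """List shared folders marked both present and enabled."""
    shares = {}
    for key, value in parse_vmx(text).items():
        m = _SHARE.match(key)
        if m:  # group settings by shared-folder index
            shares.setdefault(int(m.group(1)), {})[m.group(2)] = value
    return [{"index": i, "host_path": s.get("hostpath", ""),
             "writable": _true(s.get("writeaccess", ""))}
            for i, s in sorted(shares.items())
            if _true(s.get("present", "")) and _true(s.get("enabled", ""))]

if __name__ == "__main__":
    # Usage: python audit_vmx.py path\to\vm1.vmx path\to\vm2.vmx ...
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for share in enabled_shares(fh.read()):
                print(path, share)
```

Virtual machines reported by this check have a shared folder configured, which is the precondition the advisory names for this issue.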

An internal security audit determined that a malicious Windows user could attain and exploit LocalSystem privileges by causing the authd process to connect to a named pipe that is opened and controlled by the malicious user.

The same internal security audit determined that a malicious Windows user could exploit an insecurely created named pipe object to escalate privileges or cause a denial of service. In this situation, the malicious user could successfully impersonate authd and attain the privileges under which authd is executing.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-1361 and CVE-2008-1362 to these issues.

c. Updated libpng library to version 1.2.22 to address various security vulnerabilities

Several flaws were discovered in the way libpng handled various PNG image chunks. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash when the file was manipulated.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5269 to this issue.

VMCI was introduced in VMware Workstation 6.0, VMware Player 2.0, and VMware ACE 2.0. It is an experimental, optional feature and it may be possible to crash the host system by making specially crafted calls to the VMCI interface. This may result in denial of service via memory exhaustion and memory corruption.

VMware would like to thank Andrew Honig of the Department of Defense for reporting this issue.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-1340 to this issue.